Security Policy

Physical security

The servers running Ziik are physically located in a data center in Germany and managed by a Ziik technology partner. The hardware is kept separate from other providers' hardware, both virtually and physically (for example, in locked cages), as described in Linode's security description.

Network security

All traffic from the Internet to the servers goes through our load balancers, where firewalls ensure that only traffic to relevant outward-facing services is allowed. "Outward-facing services" currently means web servers, but may include other services in the future. Databases and file services, however, are accessible internally only.

Data security

Each client has a separate database in our database cluster with individual login credentials, keeping data contained from other clients. One client will never be able to access data from other clients.

Files are physically stored in separate folders on the file servers to ensure the same level of containment as the databases.

Application security

Each user can access only the data available to that user, based on the user's user type, unit and area.

Passwords are one-way hashed with per-user salts. If a malicious person should get hold of one or more password hashes, each password will have to be cracked individually, which immensely prolongs the time and resources needed to do so at scale.
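The effect of per-user salts can be seen in a short added example; this is not Ziik's code. PBKDF2-HMAC-SHA256, the iteration count, the helper names and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example: PBKDF2-HMAC-SHA256 and this iteration count.
ITERATIONS = 600_000
SALT_BYTES = 16

# Constructed sample accounts; alice and bob deliberately share a password.
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
    "carol": "a different passphrase",
}

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute the digest under the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)

def build_store(users):
    """Map each user name to its own (salt, digest) record."""
    return {name: hash_password(pw) for name, pw in users.items()}

def records_matching(store, password, salt):
    """Names whose stored digest equals one hash computed under a single salt."""
    _, digest = hash_password(password, salt)
    return [n for n, (_, d) in store.items() if hmac.compare_digest(d, digest)]

if __name__ == "__main__":
    store = build_store(SAMPLE_USERS)
    shared = SAMPLE_USERS["alice"]
    print(len({d for _, d in store.values()}))  # number of distinct digests
    print(records_matching(store, shared, store["alice"][0]))
```

Although alice and bob share a password, their stored digests differ, and a hash computed under alice's salt matches only alice's record.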

Connection security

All communication between clients and Ziik uses Transport Layer Security (TLS) encryption, often still referred to as SSL, to ensure the confidentiality of data sent and received.